Scribe Auth
Most calls to Scribe's API require authentication and authorization. This library simplifies this process.
You first need a Scribe account and a client ID. Both can be requested at support[atsign]scribelabs[dotsign]ai or through Intercom on https://platform.scribelabs.ai if you already have a Scribe account.
This library interacts directly with our authentication provider AWS Cognito meaning that your username and password never transit through our servers.
Installation
pip install scribeauth
This library requires Python >= 3.10 that supports typing.
Methods
1. Changing password
from scribeauth import ScribeAuth
access = ScribeAuth(client_id)
access.change_password('username', 'password', 'new_password')
2. Recovering an account in case of forgotten password
from scribeauth import ScribeAuth
access = ScribeAuth(client_id)
access.forgot_password('username', 'password', 'confirmation_code')
3. Get or generate tokens
With username and password
from scribeauth import ScribeAuth
access = ScribeAuth(client_id)
access.get_tokens(username='username', password='password')
With refresh token
from scribeauth import ScribeAuth
access = ScribeAuth(client_id)
access.get_tokens(refresh_token='refresh_token')
4. Revoking a refresh token
from scribeauth import ScribeAuth
access = ScribeAuth(client_id)
access.revoke_refresh_token('refresh_token')
5. Getting federated id
from scribeauth import ScribeAuth
access = ScribeAuth({'client_id': your_client_id, 'user_pool_id': your_user_pool_id, 'identity_pool_id': your_identity_pool_id})
access.get_federated_id('your_id_token')
6. Getting federated credentials
from scribeauth import ScribeAuth
access = ScribeAuth({'client_id': your_client_id, 'user_pool_id': your_user_pool_id, 'identity_pool_id': your_identity_pool_id})
access.get_federated_credentials('your_federated_id', 'your_id_token')
7. Getting signature for request
from scribeauth import ScribeAuth
access = ScribeAuth({'client_id': your_client_id, 'user_pool_id': your_user_pool_id, 'identity_pool_id': your_identity_pool_id})
access.get_signature_for_request(request='your_request', credentials='your_federated_credentials')
Flow
-
If you never have accessed your Scribe account, it probably still contains the temporary password we generated for you. You can change it directly on the platform or with the
change_password
method. You won't be able to access anything else until the temporary password has been changed. -
Once the account is up and running, you can request new tokens with
get_tokens
. You will initially have to provide your username and password. The access and id tokens are valid for up to 30 minutes. The refresh token is valid for 30 days. -
While you have a valid refresh token, you can request fresh access and id tokens with
get_tokens
but using the refresh token this time, so you're not sending your username and password over the wire anymore. -
In case you suspect that your refresh token has been leaked, you can revoke it with
revoke_token
. This will also invalidate any access/id token that has been issued with it. In order to get a new one, you'll need to use your username and password again. -
You can get your federated id by using
get_federated_id
and providing your id token. The federated id will allow you to useget_federated_credentials
to get an access key id, secret key and session token. -
Every API call to be made to Scribe's API Gateway needs to have a signature. You can get the signature for your request by using
get_signature_for_request
. Provide the request you'll be using and your credentials (useget_federated_credentials
to get them).
Command line
You can also use the package as follows for quick access to tokens:
python -m scribeauth --client_id clientid --user_pool_id user_pool_id --username username --password password
To flag an issue, open a ticket on Github and contact us on Intercom through the platform.